Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754091AbbGOJQU (ORCPT <rfc822;w@1wt.eu>);
	Wed, 15 Jul 2015 05:16:20 -0400
Received: from mx1.redhat.com ([209.132.183.28]:53545 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752032AbbGOJQQ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 15 Jul 2015 05:16:16 -0400
Date: Wed, 15 Jul 2015 17:16:07 +0800
From: Dave Young <dyoung@redhat.com>
To: linux-kernel@vger.kernel.org, kexec@lists.infradead.org
Cc: jwboyer@fedoraproject.org, tytso@mit.edu, ptesarik@suse.cz,
        dhowells@redhat.com, ebiederm@xmission.com, vgoyal@redhat.com
Subject: Re: [PATCH 0/3] kexec: refactor CONFIG_KEXEC/CONFIG_KEXEC_FILE
 Kconfig
Message-ID: <20150715091607.GB5424@dhcp-128-92.nay.redhat.com>
References: <20150713021353.282890552@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150713021353.282890552@redhat.com>
User-Agent: Mutt/1.5.22.1-rc1 (2013-10-16)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2371
Lines: 62

On 07/13/15 at 10:13am, Dave Young wrote:
> Previously Theodore Ts'o brought up an issue about kexec_load syscall bypassing
> signature verification:
> https://lkml.org/lkml/2015/6/14/280
> 
> Because we have two kexec load syscall, one kexec_load, another kexec_file_load,
> the latter one was introduced by Vivek Goyal, it is mainly for supporting UEFI
> secure boot. kexec_file_load verifies kernel signature, but even if with
> CONFIG_KEXEC_VERIFY_SIG=y and CONFIG_KEXEC_FILE=y, kexec-tools still can use
> old syscall and bypass signature verification.
> 
> KEXEC_FILE can also be used without UEFI, so kexec can always verify kernel
> signature for security purpose. 
> 
> The suggestion in above thread is add a new Kconfig option for kexec common
> code, here I use KEXEC_CORE, KEXEC and KEXEC_FILE select KEXEC_CORE so one can
> compile only KEXEC_FILE without old kexec_load syscall.
> 
> There's checkpatch warnings and errors, I would like to send furthuer cleanup
> patches after this series. Please let me know if you have other suggestions.
> checkpatch errors are for cases such as assign a value to static variables.
> 
> PATCH 3/3 can be sort out from the series if people do not like. It is a
> cleanup for a macro.

Since it is not related to the Kconfig cleanup thus I will drop it in
next update, will send out as a standalone patch later.

Also there's a kexec-tools patch needed for testing KEXEC_FILE only, I forgot
to mention, will take it in cover letter when I repost:

---
 kexec/crashdump-elf.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

--- kexec-tools.orig/kexec/crashdump-elf.c
+++ kexec-tools/kexec/crashdump-elf.c
@@ -145,11 +145,12 @@ int FUNC(struct kexec_info *info,
 
 	count_cpu = nr_cpus;
 	for (i = 0; count_cpu > 0; i++) {
-		if (get_note_info(i, &notes_addr, &notes_len) < 0) {
-			/* This cpu is not present. Skip it. */
-			continue;
-		}
+		int ret;
+
+		ret = get_note_info(i, &notes_addr, &notes_len);
 		count_cpu--;
+		if (ret < 0) /* This cpu is not present. Skip it. */
+			continue;
 
 		phdr = (PHDR *) bufp;
 		bufp += sizeof(PHDR);

Thanks
Dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/